I tried to switch user to log as admin. Just after I licked Switch User button, I heard Comodo’s sound for when a popup opens asking permission.
I was inside Ctrl+Alt+Del, so obviously I couldn’t allow whatever was requiring autorization. No button was available, it was just the blue wallpaper screen. I couldn’t ESC back, couldn’t do anything at all. I waited to see if something happened and nothing. I had to reset the PC.
I know this won’t be considered a but, and some people will even blame me for that. But hey, regardless of configurations, once I clicked Switch User, there was no coming back. Comodo blocked Windows and that was it for me.
And the worse: now that I’m back in control of my PC, I don’t even know what I should manually allow so I can switch user. I just know that this Windows feature is blocked and I can’t use it.
My suggestion would be that the actions required to swich user to be white listed by default. And as better definitive solution, that we list all Windows actions that potentially blocks user away from Comodo dialog, and these actions be whitelisted (even hardcoded or at least not be able to be changed from MainUI), so that users aren’t blocked when asked for autorization.
The HIPS logs will tell you what was blocked but nothing should have been blocked if HIPS is set to safe mode unless you made drastic changes to the HIPS rules. Comodo does white-list every windows executable as they are digitally signed by microsoft which is listed in the trusted vendors list, and the cloud lookup will also have windows applications on the safe list. I can switch users no problem so it’s most likely a configuration issue on your end but I also made a wish to include additional windows applications to the Windows Applications file group which will by default be treated as the Windows System Application HIPS predefined ruleset.
Yes when you export a configuration that is were all settings for CIS are stored but from importing your config HIPS was set to safe mode and it seems you are mostly using the default proactive config. To see the HIPS event logs go to general tasks and select view logs then from the drop down list choose HIPS events and right-clink inside the event log window and select from the context-menu entire period.
Yes the config you attached that I then imported had HIPS to Safe Mode and the settings shouldn’t reset when exporting or importing the configuration. Re-try exporting your active configuration and when asked to save changes before exporting click yes.